securitywing


Windows DNS Server Configuration

by wing

DNS, or the Domain Name System, is one of the most important parts of the client-server model. Without DNS, no client could be part of a domain and there would be no way to convert a domain name into the IP address of the server. In this post you will find basic procedures that you can use to configure DNS for your domain controller. Though the procedures described in this post apply to the Windows 2003 server environment, they will help you develop a good understanding of how to deploy and manage a DNS server in environments later than Windows 2003.

DNS installation procedures (forward lookup zone)

  1. At a command prompt, type dnsmgmt.msc
  2. Select the forward lookup zone and right click on it
  3. Select New Zone and click Next.
  4. Select primary zone
  5. Store the zone in Active Directory if the DNS server is a domain controller.
  6. Name the zone (put the domain name)
  7. Select dynamic update
  8. Allow only secure dynamic updates.
  9. Click Next, then Finish.
  10. Right click on the domain name and set dynamic updates to secure only.


Create a reverse look up zone.

  1. Right click on the reverse lookup zone
  2. Select New Zone and click Next
  3. Select primary zone
  4. Select how you want your zone data to be replicated.
  5. Type the network ID of the domain
  6. Click Next and allow only secure dynamic updates
  7. Right click on the network ID under the reverse lookup zone
  8. Select New Pointer and, in the host name field, type the server IP or browse to the fully qualified domain name of your domain controller server.
  9. Right click on the computer name under the DNS and select all tasks and then select restart.

How to enable a forwarder?

  1. Right click the server name
  2. Click on Properties and then click on the Forwarders tab
  3. Type the IP address in the “selected domain forwarder IP address list”
  4. Click Add and then OK.

How to add an Active Directory integrated zone?

  • Right click on the forward lookup zone
  • Check the Active Directory integrated zone (A.D.I.Z) option

How to copy the primary DNS / How to configure a secondary DNS server?

  1. Open your DNS console, highlight the forward lookup zone and right click on it.
  2. Select New Zone, click Next.
  3. Select secondary zone in the zone type
  4. Type a name for the zone and click Next. The zone name should be the same as the primary zone name.
  5. Master DNS server: set the primary DNS IP
  6. Click Add, Next, OK
  7. Now highlight the reverse lookup zone.
  8. Right click and select New Zone
  9. Select secondary zone
  10. Type the network ID of the primary, click Next.
  11. Next, write the IP of the server from which you want to copy the zone.
  12. Click Add and Next.
  13. Now, on the primary, highlight the domain name under the forward lookup zone.
  14. Right click and select Properties.
  15. Select allow zone transfer
  16. Select “only to the following servers” and type the name of the secondary DNS server.
  17. Highlight the reverse lookup zone and select Properties.
  18. Select zone transfer and set the IP address of the secondary DNS server.
  19. Now, go to your secondary DNS zone.
  20. Select the forward lookup zone
  21. Select “transfer from master”.
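
The two security choices made in the procedures above (secure-only dynamic updates, and zone transfers limited to a named secondary) can be checked across all zones with a short audit. This is an added example, not part of the original post. It assumes the DnsServer PowerShell module (Windows Server 2012 and later, not Windows 2003) and that zone objects expose the DynamicUpdate and SecureSecondaries values used by that module; the function name and the sample zones are constructed for illustration.

```powershell
# Added example: flags zones that deviate from the settings chosen above.
function Test-DnsZoneHardening {
    [CmdletBinding()]
    param(
        # A zone object from Get-DnsServerZone, or an object with the same properties.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Zone
    )
    process {
        # Built-in zones (0, 127, 255.in-addr.arpa) are not administrator-managed.
        if ($Zone.IsAutoCreated) { return }

        $findings = @()
        # "Secure" or "None" is acceptable; anything that takes nonsecure updates is not.
        if ("$($Zone.DynamicUpdate)" -eq 'NonsecureAndSecure') {
            $findings += 'dynamic updates are accepted from unauthenticated clients'
        }
        # Transfers should go only to listed secondaries, never to any requester.
        if ("$($Zone.SecureSecondaries)" -eq 'TransferAnyServer') {
            $findings += 'zone transfer is allowed to any server'
        }

        [pscustomobject]@{
            ZoneName  = $Zone.ZoneName
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample zones (not real data) so the check runs without a DNS server.
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'corp.example'; IsAutoCreated = $false
        DynamicUpdate = 'Secure'; SecureSecondaries = 'TransferToSecureServers'
        SecondaryServers = @('192.0.2.11') }
    [pscustomobject]@{ ZoneName = '2.0.192.in-addr.arpa'; IsAutoCreated = $false
        DynamicUpdate = 'NonsecureAndSecure'; SecureSecondaries = 'TransferAnyServer'
        SecondaryServers = @() }
)
$sampleZones | Test-DnsZoneHardening | Format-Table -AutoSize

# On a server with the DnsServer module, audit the live zones instead:
# Get-DnsServerZone | Test-DnsZoneHardening
```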

                                           

How to set aging / scavenging?

  1. Open your DNS management console
  2. Right click on the server name
  3. Select “Set aging and scavenging for all zones”.
  4. Check “scavenge stale resource records”.
  5. Set the no-refresh interval
  6. Confirm in the server aging/scavenging confirmation dialog
  7. Select “apply these settings to the existing Active Directory integrated zones”
  • To manually check stale resource records, right click on the server name and then select “scavenge stale resource records”.
  • To check DNS errors, go to Event Viewer from the administrative tools and then select DNS Server to find a list of errors.
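
Before turning scavenging on, it helps to preview which records would be treated as stale. The following is an added example, not part of the original post. It assumes the DnsServer PowerShell module's record objects (HostName, RecordType, Timestamp), a refresh interval in addition to the no-refresh interval set above, and 7 days for each as an assumed default; the function name and sample records are constructed.

```powershell
# Added example: list records whose timestamp is older than
# no-refresh interval + refresh interval, i.e. candidates for scavenging.
function Get-StaleDnsRecord {
    [CmdletBinding()]
    param(
        # A record from Get-DnsServerResourceRecord, or an object with the same properties.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Record,
        [timespan]$NoRefreshInterval = (New-TimeSpan -Days 7),   # assumed default
        [timespan]$RefreshInterval   = (New-TimeSpan -Days 7),   # assumed default
        [datetime]$Now = (Get-Date)
    )
    process {
        # Static (manually added) records carry no timestamp and are never scavenged.
        if (-not $Record.Timestamp) { return }

        $eligibleAt = ([datetime]$Record.Timestamp) + $NoRefreshInterval + $RefreshInterval
        if ($Now -gt $eligibleAt) {
            [pscustomobject]@{
                HostName   = $Record.HostName
                RecordType = $Record.RecordType
                Timestamp  = $Record.Timestamp
                StaleSince = $eligibleAt
            }
        }
    }
}

# Constructed sample records (not real data); $now is fixed so the result is repeatable.
$now = [datetime]'2023-06-30T12:00:00'
$sampleRecords = @(
    [pscustomobject]@{ HostName = 'dc01';     RecordType = 'A'; Timestamp = $null }  # static
    [pscustomobject]@{ HostName = 'laptop17'; RecordType = 'A'
        Timestamp = [datetime]'2023-06-25T09:00:00' }                                # fresh
    [pscustomobject]@{ HostName = 'oldpc03';  RecordType = 'A'
        Timestamp = [datetime]'2023-05-01T09:00:00' }                                # stale
)
$sampleRecords | Get-StaleDnsRecord -Now $now | Format-Table -AutoSize

# Against a live zone (zone name is a placeholder):
# Get-DnsServerResourceRecord -ZoneName '<your-zone>' -RRType A | Get-StaleDnsRecord
```

With the sample data only oldpc03 is listed; a dynamically registered server that has stopped refreshing its record would show up the same way, which is the case to look for before enabling scavenging.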

 

How to manually add a DNS client record / how to add a static DNS record?

  1. Right click on the domain name under the forward lookup zone.
  2. Click on New Host
  3. Type the client name and IP address
  4. Select “create associated pointer PTR”.
  5. Click OK.
  6. Name aliasing
  7. Right click on the domain name under the forward lookup zone.
  8. Select New Alias
  9. Give the alias name
  10. Browse to the computer name that will use the alias and click OK.

What is aging and scavenging?

It is a parameter of the DNS server that runs a garbage collection process to remove stale resource records.

DNS-WINS: the integration of DNS and WINS is the process of establishing communication between the WINS server and the DNS server client.

DNS event log:

It is the monitoring process used to figure out the present status of the DNS server. For that, we always have to check the DNS service properties.

NetBIOS name:

It is a single PC name consisting of up to 16 characters, where the first 15 characters are used for the name and the last (16th) character is used for identifying the services of the server.

Host name resolution process

When you ping a host name, for example system05.security.com, your computer will first check the cache. If it does not find an answer there, it will check the hosts file. If the hosts file fails to give an answer, the DNS server will resolve the name. When DNS fails to answer, the LMHOSTS file will be used to try to resolve the name. Finally, WINS will try to resolve the name. If WINS also fails to resolve the name, the name will be broadcast. Remember that DNS maintains the hosts file and WINS maintains the LMHOSTS file. Resolving names with the help of the hosts file and the LMHOSTS file is known as static name resolution. The name resolution process used by DNS and WINS is known as dynamic name resolution.

 

What is recursive query?

A recursive query is a method in which the DNS server takes full responsibility for replying to the client's query.

 

What is forward lookup zone?

It converts domain name into IP address.

What is reverse lookup zone?

It is used to convert IP address to domain name.

List of DNS resource records:

  • A – host record
  • PTR – pointer to IP address
  • NS – name server
  • MX – mail exchange or mail server record
  • www – web server
  • CNAME – canonical name, alias record

Active Directory integrated zone: if a domain controller is made a DNS server, then Active Directory integrated zone and standard secondary will be implemented. If a member server is made a DNS server, then it will get only standard secondary.

Filed Under: Tutorial Tagged With: dns, server, windows

Copyright © 2010-2023 ·All Rights Reserved · SecurityWing.com